United States Patent im 

Markowski et al. 



iiiiiiiiiiniiiiiiiiniii 

US005506905A 
Hi] Patent Number: 5,506,905 
[45] Date of Patent; Apr. 9, 1996 



[54] AUTHENTICATION METHOD FOR 
KEYLESS ENTRY SYSTEM 

[75] Inventors: Dale W. Markowski, West Milwaukee, 
Wis.; Oddy N. Khamharn, Gurnee, 
111.; Mark E, Bianco, Pomona, Calif. 

[73] Assignee: Deico Electronics Corp., Kokomo, Ind. 



[21] Appl. No.: 257,982 

[22] Filed: Jim. 10, 1994 

[51] Int CL 6 

[52] U.S. O 

[58] Field of Search 



380/25; 380/23 

380/23-25,49, 

380/50 



is Cited 
U.S. PATENT DOCUMENTS 



5,195, 6 10 3/1993 Hill et al. .. 

5,369,706 12/1994 Lalka 

5,398,284- 3/1995 Koopman, : 

5,420,925 5/1995 Micoaels ... 



OTHER PUBLICATIONS 

Clifford advertisement. Car Audio & Electronics, May 1994, 
vol, 7, p. 75. ' 
Viper advertisement, Car. Audio & Electronics magazine, 



May 1994, voL 7, p. 73. 

"Code Grabbing," Car Audio and Electronics magazbe, 
May 1994, vol 7 pp. 72, 74, 76. 



Primary Examiner— Salvatora Cangiaiosi 
Attorney, Agent, or Firm— Mark A. Navarre 



[57] 



ABSTRACT 



A system for remotely controlling a desired door locking or 
other function in a vehicle or other protected environment 
has a transmitter and receiver for communicating a message 
including a sequence number, the code of a selected function 
to be performed and an authenticate* An algorithm in the 
transmitter and in the receiver has a cryptographic key and 
a seed code. Each algorithm generates the authenticator as a 
function of both the seed code and the function code; if the 
authenticators are equal, the message is valid. Upon each 
transmission the seed code is updated and the sequence 
number is incremented. The receiver updates its seed code 
according to the transmitted sequence number to keep the 
algorithms in synchronism. 
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AUTHENTICATION METHOD FOR 
KEYLESS ENTRY SYSTEM 

HELD OP THE INVENTION 
This invention relates to a keyless entry system for a 5 
motor vehicle or other protected environment, and particu- 
larly to a cryptographic method of secure communication for 
a keyless entry system. 

BACKGROUND OF THE INVENTION " 
Personal-size remote control transmitters are widely used 
to provide a convenient method of locking or unlocking 
vehicles, and/or to remotely arm or disarm vehicle theft 
deterrent systems. They are also used Co control home/ Li 
business security systems and garage door openers. If these 
transmissions can be spoofed or played back, then these 
systems can be controlled by unauthorized parties to gain 
unwanted access to the protected environment Most, if not 
all, of these systems provide very little protection against 20 
spoofing and no protection at all against the playback of 
legitimate messages that have been recorded and/or modi- 
fied. The term "spoofing" as used herein refers to the 
creation of a false message that is accepted by the system as 
a vaHd message. 25 

Conventional vehicle keyless entry systems prevent acci- 
dental interference from other transmitters through the use 
of frequency separation and identification codes. Some 
manufacturers use oiily one frequency, while others may 
have a number of frequence ivaiiabie (but usual! v nly < i 
is used in any given system). Identification codes are then 
used to further ensure that one person's transmitter will not 
accidentally control someone else's system. These systems 
typically prevent guessing the identification code (usually 
between 16 and 32 bits) with penalty functions that limit the 
rate at which transmissions can be processed. For example, 
limiting receptions to one per second places a limit on how 
long it might take a thief to find the correct identification 
number by trying all possible combinations. However, these 
systems will accept any previously transmitted message that 40 
had been recorded and played back at any time in the future. 
Playback attacks can therefore be implemented very inex- 
pensively, and such attacks are known to be used by pro- 
fessional car thieves who target specific vehicles. Since a 
successful attack will usually unlock the doors and simul- 45 
taneously disarm alarm and ignition disable systems, the risk 
of being caught is significantly reduced. 

A simple method of preventing playback attack is to 
include a simple dynamic security code in the message that 50 
changes with each transmission. The receiver calculates the 
next code in the sequence, and accepts a message as valid 
only if the received code matches the expected code. This 
method is insecure for three reasons. First, a thief can predict 
the next code sequence from knowledge of previous 55 
sequences, in much the same way as the receiver can predict 
which sequence to expect based on the last transmission. 
Second, once the code sequence has been determined, it can 
be used to issue false commands to all similar receivers. 
Third, the algorithm used to generate the code sequence m 
must usually be kepi secret, because a thief can much more 
easily predict the code sequences when the algorithm is 
known. 

Message authentication using cryptographic techniques is 
a better method for preventing spoofing and playback 65 
attacks. However, applying conventional message authenti- 
cation to personal transmitter-based systems has not been 
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used in the past since the available authentication algorithms 
have been too complex for implementation in very low cost 
systems. In addition, significantly larger message sizes were 
necessary to accommodate cryptographic synchronization, 
and the resulting increase in transmission time significantly 
reduced the expected life of the miniature batteries typically 



SUMMARY OF THE INVENTION 
It is therefore an object of the invention to generate very 
secure authenticated messages requiring a short transmis- 
sion time to economize battery life in a personal transmitter. 
Another object is to obtain an exceptionally high level of 
protection from spoofing and playback attacks from a rela- 
tively short authenticated message. Still another object is to 
maintain a high level of security even where details of the 
security mechanisms and their implemcrrtation are known to 
an adversary. 

The invention as described herein is not vulnerable to 
these types of attacks, multiple frequencies are not neces- 
sary, very inexpensive single-chip microcontrollers can 
implement all of the functions and quickly execute them, 
battery life is extended due to a unique message protocol that 
minimizes the amount of information that must be transmit- 
ted wmle maintaining a high level of security, and field 
support is simplified since transmitters and/or receivers can 
be easily replaced by authorized dealerships without the 
need for ordering a customized replacement from the fac- 
tory. 

A vehicle keyless entry system is composed of a trans- 
mitter for use by the vehicle's driver, and a receiver located 
within the vehicle. The transmitter emits RF signals in 
response to the activation of one or more buttons. The 
receiver periodically checks for the presence of a transmis- 
sion, and performs the requested function only if fields 
within the message are intended for that particular receiver 
and: it contains a valid security code. 

A cryptograpMcally based dynamic security code is 
included in the message structure to prevent me" recording 
and subsequent playback of legitimate messages, and to 
prevent a receiver from being deceived into accepting mes- 
sages from unauthorized sources. The security code 
sequence is determined by cryptographic techniques to 
assure that it is not predictable from knowledge of past 
sequences. 

Once a transmitter is manufactured, it is programmed 
with a transmitter identification (ED), a default sequence 
number, a randomly generated initial seed, and a crypto- 
graphic key. The transmitter ID and initial seed are unique 
to each transmitter. The cryptographic key may be common 
to all transmitters, common only to some number of trans- 
mitters, or unique to each transmitter. The randomly gener- 
ated initial seed is used as the starting point from which the 
authentication algorithm advances with each transmission. 
The sequence number also ad vances with each transmission 
to indicate to the receiver the required number of advances 
that it must perform to cryptographicaily synchronize with 
the transmission. 

Future code sequences cannot be predicted from past 
sequences because each sequence is dependent on irtforma- 
tioi . Is cted by the operator just prior to transmission (e.g., 
information identifying which button was actuated) as well 
as the mechanics of the algorithm itself. The algorithm also 
does not need to be kept secret; only the cryptographic key 
which defines its specific mathematical operations needs to 
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be kept secret. Since this key can be unique to each code to generate an authentication code which is different for 

individual transmitter and can be easily programmed during every transmission. Uw» preventing successful replay of a 

system fabrication, knowledge of the algorithm does not previously transmitted message. The authentication code is 

reduce the level of security provided by the system. In sufficiently short to be transmitted economically but the 

addition, because each traBsmitter/receiver pair generates a 5 generation procedure has a complexity that renders it 

completely different sequence of codes, knowledge of one impractical for an adversary to predict the next valid code 

such sequence cannot be used to issue false commands to based on knowledge of previously transmitted messages, 

other receivers. The procedure for message validation is first to compare the 

Receivers must be programmed to accept messages from ^flrf m T$ fa £f 'T™ ^ moiy < wd 

The receiver records this information in non-volatile the same 

memory so that it may recognize that transmitter in the ~ ' . . . , . 

future. An alternate method is to program this informarion is .^o "nechamsms are jointly used to assure that the 

directly into the receiver during its fabrication, but the ^uthenticauon code changes in an unpredictable manner, 

preferred method should be retained to easily re-program a u ' ^ ^thm operates on a seed code which is 

receiver to accept new transmitters in the field in case a chansed accor dmg to a set of rales for each transmission. A 

transmitter is lost or the receiver becomes damaged or fails ^equeiice number is also mcremented with each transmission 

A program switch is provided within the vehicle to enable ^f " included m the message so that lie receiver algorithm 

this receiver function and to prevent transmissions from how many seed code changes to execute in order 

unauthorized transmitters from altering this information 10 res y ncar0IJ f : «* the transmitter since the receiver docs 

s auo "- not necessarily receive each transmission. Second, the 

BRIEF DESCRIPTION OF THE DRAWINGS aU * e f cms: 0060 « generated as a function of the seed code 

U mB UKAWIiNL,Sl 25 and the cryptographic key as well as the desired function 

Hie above and other advantages of the invention will o 0 * 5 - Since for each transmission the function code depends 

become more apparent from the following description taken oa whte h button the operator selects, another level of 

in conjunction with the accompanying drawings wherein complexity is added to the autheriticator code generation to 

like references refer to like parts and wherein: confound attempts to determine a predictable progression ol 

FIG. 1 is a block diagram illustrating a keyless entry 30 codcs - 
system for a motor vehicle; The upper portion of FIG. 2 illustrates the data inputs to 
FIG. 2 is a block diagram illustrating the keyless entry ^ transmitlel ' algorithm and to various fields of the trans- 
system with authenticated communication according to the mltted messa 8 c - and ±e authemicator code which is the 
invention; product of the algorithm and also forms a field of the 
FIG 3 is an illimtrarinn of mpwam. « n ^h.r<. f™- » message. A cyclic redundancy code (CRC) is also calculated 
^^SS& fi.malitheotherfieiddataandmcludedinthemessagc.Th, 
:,, . I unique ID assigned to each transmitter also forms a field of 
FIG. 4 is art illustration m ss ag i structure for receiver each message, bat the ID does not enter the algorithm 
programming according to the invention; and calculation. The algorithm may be any cryptographic-based 
FIG. 5 is a schematic diagram of a prior art cryptographic 40 authentication algorithm. Typically the specific procedures 
algorithm design which is useful in carrying out the inven- of such an algorithm will be determined by the mathematical 
function, a key, and on an initial working state known as a 
seed. Here the seed value is initially programmed into the 
DESCRIPTION OF THE INVENTION transmitter, but the seed value is then updated with each 

Although the ensuing .description is directed to a vehicle « S^AuSllWJSSSSffi 

l^Z ^ X * r h6S ^ We 1 10 garage d °° r fortte "kutadon of «* authenticator. Theinitial iedS 

operators and to home or business secunty systems. key , and uhe m m pennanem1v stored in each ^rim 

FIG. 1 shows a keyless entry system for a motor vehicle A sequence number, beginning at 1, is incremented with 

which includes a number of portable remote controls or fobs 50 each transmission, A function code representing a command 

10 small enough to carry in one's pocket or on a key chain. to lock doors, unlock doors, etc. as selected by the buttons 

Each fob 10 has buttons 12 for manual selection of desired from a table of stored function codes, is also input to the 

functions to be performed in the vehicle, a microprocessor algorithm which then generates an authenticator code as a 

14 responsive to button actuation for formulating a com- function of the current seed and the function code. The 

martd message, including an authemicator code and a func- 5S message to be transmitted is (hen assembled and includes a 

tton code identifying the desired function to be performed, preamble, the selected function code, the transmitter ID the 

and a radio transmitter 16 for transmitting the message. The sequence number, the authenticator, and the CRC, as shown 

fob 10 functions are supported by a miniature battery, not in FIG. 3. 

shown, which should have a life of several years. In the The lower part of FIG. 2 represents the receiver functions 

vehideareceiverl* receives theiiansmrtted message, if the 60 wM ch includeTa memory for each associated transmitter 

K*Jt*?'?r"T and amteroprocessor coffiprising its ro , its ^ last Ms J^,£Z™X 

20 acts upon data m the recerved message to determine last ™, orted sequence number and its initial seed ™ C 

the desired function. tmnsmitted ID is matched to one of the stored IDs and the 

Each microprocessor 14 and 20 is programmed to execute 65 stored data related to that ID is used by the algorithm along 

a cryptographic algorithm which operates on certain stored with the transmitted function code and sequence number to 

and/or transmitted data, as well as on a selected function generate a receiver authenticator. If it is equal to the trans- 
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nutted aathenacator ttemessage is verified as legitimate and pensive microprocessor is capable of achieving a high level 

the operation rndtcated by the function code is performed. In of security in £he authendcator and at ta" toe IS 

ease tbe stored sequence number is less than the one in the the authenticator to a short length to minimize transmission 

message, the algorithm will advance the seed value and the time and to thereby economize on battery life, 

sequence number until the sequence numbers are equal; then 5 Transmitter Operation 

the transmitter and receiver seed values will also be equal The following description illustrates the typical opera- 

and the authenticator can be calculated. tions performed when a transmitter button is pressed It is 

Message Structure assumed that a key and an initial seed have been' pro- 

The message structure for normal messages (e.g, door grammed into the transmitter and receiver. 

lock, door unlock, trunk/batch release, and panic) is shown w _____ 

in FIG 3. The preamble indicates the start of a message. The begin ™ "" " 



remaining fields compose the actual command. Hie function - Detmafae the fcnc&m code (fq 

code identifies the operation being requested, and corre- " " 
spends to one or more switch actuations. The transmitter ID 

is a unique binary value associated with each individual 15 

transmitter. The sequence number is used to synchronize the Mod-z add the fc w the wr feedback bit-by'-wt and 

transmitter and receiver to account for situations in which increment the wr 
messages are received in error due to RF noise, or the 

transmitter is operated beyond the range of the receiver, or „. , v ..-,. c 

when the transmitter battery is replaced, The receiver will 20 a* message ' 

only perform the requested operation when a transmitter ID 01,0 aom * L 

is recognized as belonging to that receiver, and the authen- ~ — 

ticator is verified. When a transmitter button is pressed, its corresponding 

Message playback is prevented since tbe sequence nnm- function code is determined. The previous state of the 

ber is incremented with each transmission, therefore 25 Working Register is then read from memory and loaded into 

recorded messages (i.e., those with smaller than expected tlie Working Register. (For the first operation, it is the initial 

sequence numbers) will not be accepted. Spoofing of mes- secd '> ^ Working Register is then incremented x times, 

sages is prevented since modifying the function code (from ^ th the input data being x "0"s. The resulting state of the 

a lock command into an unlock command, for example) will Working Register is then saved back to memory, replacing 

cause the receiver to calculate an incorrect authenticator 30 . P reviousl y ^ veA seed, and the sequence number is 

Since the authentication algorithm uses a cryptographic key m«emonted. 1 he function code is then modulo-2 added to 

known only to the transmitter and receiver, unauthorized L? 5 0f ^ e ^* ster ^ eet ^ Dac ^ : on a bit-by-bit basis. The 

panto cannot S e«er,te Die atitnenitaiot that cornsponos to „™,° E y Unto. II, Wotting 

, fnncnot, code or thci, an. toctCotc c„„, SS?£ftCCC^»£5«; 



number will cause the authentication to fail since the authen- and z=24 to provide a high level of security while conserv- 

ttcahon algorithm wili.not be in the correct state. 40 ing battery power. Other values could be used, however) 

fhe message structure for a resynchronization message is Receiver Operation 
identical to FIG. 3, except that the Sequence Number field The following description illustrates the typical opera- 
contains a randomly generated value instead of the actual tions rwriormed when a message is received- 
sequence number. The message structure for the receiver 

programming message is shown in FIG. 4. 45 ~~ ~__ _____ — 

Algorithm Example BEGIN norms! message reception 

A number of authentication algorithms are available in the if Z SSto?© is reco^^tSat etttae 

literature and can be used within this invention. However, a if the received SN is no mote than k incretoenu 

linear feedback shift register (LFSR) with a non-linear 4™ she last S.v (hen eondnue else done 

output function will be used in the following descriptions 50 ^„Jj£JS ** seed cormjon<lin 8 » 
due to its simplicity and effectiveness. ' Scpea. ™ 

A schematic diagram of such an algorithm is shown in increment ibe WRx anas with input <to* = *rr 

FIG. 5. The Working Register is a Galois form of a LFSR, ' 

and its feedback polynomial is determined by the contents of 
the Key Register. Keys should therefore represent primitive 55 
irreducible polynomials of a degree appropriate for the 
length of the Working Register for maximum cryptographic 
strength, but randomly selected binary sequences can also be 
used. The ROM implements a table containing non-linear 
binary sequences that translates an n-bit linear input (n is 6 so 1 
in this example) to a single non-linear binary output. A series 
of such outputs are concatenated to create the actual authen- 
ticator. 

In practice it is preferred to implement the algorithm in 
software executed by a microprocessor. Due to the unique & 
message structore and the dynamic involvement of the Upon receipt of an error-free message with a recognized 
function code field in the algorithm process, a small inex- transmitter ID, the receiver will compare the received 
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sequence number with the sequence number of the last valid 
message. If the sequence number is equal to or less than the 
previous one or ahead by more than fc increments, the 
message will be ignored. {Typical values of k may range 
from 64 to 5 1 2.) If the received sequence number is greater 5 
by not more than fc increments, the receiver will load the 
Working Register with the seed that corresponds to that 
particular transmitter IB. (This allows the receiver to auto- 
matically resynchronize to the transmitter to recover from 
those situations in which messages are received in error due 10 
to RF noise, or the transmitter is operated beyond the range 
of the receiver. It also allows one receiver to operate with 
multiple transmitters.) The receiver will increment the algo- 
rithm x times with the input data being "0"s, and increment 15 
its sequence number once. This process is repeated until the 
receiver's sequence number equals the received sequence 
number. The state of the Working Register is then tempo- 
rarily saved for later use. The received function code is then 
modulo-2 added to the Working Register feedback on a 20 
bit-by-bit basis. The Working Register is then incremented 
y more times. The Working Register is incremented an 
additional z times, and the z bits generated by the algorithm 
are compared to the received authenticator. If the authenti- 
cators were not equal, the message will be ignored. If they as 
were equal, the state of the Working Register temporarily 
saved earlier in the process will be saved for later use, 
replacing the previous seed. The new sequence number 
would then also be saved, and the receiver would perform 
the operation indicated by the received function code. 30 
Rcsynchroni/jition 

Since this invention docs not use two-way communica- 
tion, another method was necessary to recover from situa- 
tions in which the transmitter and receiver lose crypto- 
graphic synchronization. This method provides three 35 
different forms of resynchronization, depending 00 the 
extent of the synchronization loss. 

The first level of resynchronization occurs when the 
transmitter's sequence number is greater than the receiver's 
by not more than k increments. In this case, the receiver will f 0 
automatically advance to the transmitter's sequence number 
and then authenticate the message. 

The next level of resynchronization allows recovery when 
the transmitter's sequence number is greater than the receiv- 
er's by more than k increments. This function must be 45 
initiated by the user, typically by depressing two buttons 
simultaneously. (This will usually only be required when the 
transmitter's battery is replaced.) The following special 
processing is performed: 



IfiiEtra _.,„,„ 

Load the WR with the original initial seed 



Iiw<si3bk tot WR <R*s> times with, mpus data = "0" 

Ma&.l add die reccived^coae wt&edback bit-by- 
bit and increment the WK 
feeoemem the WR y times 

Increment the WR z nines and read ihc amiientieator outpm 
If the calculated authenticator is equal to Use 
received mitheittieator then continue else done 

Id in temporary storage far that 



The final level of resynchronization (or initialization) is 
used to program the receiver to recognize the particular 
transmitter. This should only be required when transmitters 
or the receiver are replaced due to loss or failure, at can also 
used by the keyless entry system manufacturer to initially 
pair transmitters to a receiver.) Transmission of this mes- 
sage, shown in FIG. 4, must also be manually initiated, for 
example by depressing two buttons and holding them down 
for some length of time. In order for this message to be acted 
upon by the receiver, the receiver must be set in a program 
mode by a program switch 22 (HG. 1). For example, a 
jumper is inserted into a special connector located some- 
where within the vehicle. The following special processing 



i» the CSC, and transmit the 



The receiver will perform the following processing when 
a receiver programming message is received: 




inc. the fiatcdon code (FQ 

ieaiaadomraujibertR) 

te Working Register (WR) with (it 



increment the WR (R*S) rimes with taftoi data ~ "( 
Save the WR state for ssse as die next seed 
Reset said save the seqEence number (SN> 
Mod-2 add the FC to the WR feedback bit-by-bi! tu 
creasettt the WR 

Increment die WR y times 



Security Analysis 

The ability of this invention to provide a high level of 
message protection depends on a number of factors. For 
example, the length of the authenticator and key space of the 
algorithm must be selected to minimize the likelihood that 
an exhaustive search can succeed. The algorithm must also 
be designed to avoid any mathematical weaknesses that 
would allow valid aufhenticators to be created, or its keys to 
be recovered, using analytical techniques atone. The system 
itself must also be considered, since improper implementa- 
tion of the security mechanisms may introduce additional 
vulnerabilities that can be exploited by an adversary. In the 
Knar, no attack scenario should be successful in less time or 



_ . , , ,,. f;n!s - 10 aaacjc scenario snould be successful in less time or 

Typical values of R and S may range from 32 to 256. The 65 with fewer resources than, required for an exhaustive search 
receiver will perform the following processing when this The invention meets these requirements 
~ sage is received: Playback and Spoof Attacks 
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This invention uses cryptographic authentication to pro- 
tect keyless entry systems from accepting recorded mes- 
sages that have been played back as well as those that have 
been modified and played back. It also protects against 
transmitters intended to deceive the receiver into accepting s 
unauthorized messages as legitimate. 

Recorded messages will not be accepted as valid due to 
the sequence number and authenticator. For example, the 
receiver' s sequence number is incremented with each valid 
reception, and it will not accept messages with an equal or 
smaller sequence number, fit addition, the sequence number 10 
itself cannot simply be modified since that would alter the 
authenticator calculated when the false message is received. 

Hie message also cannot be modified in such a way as to 
be acceptable to the receiver since the authenticator is based 
on mathematically complex interactions among the algo- 13 
rithm, the key, a unique initial seed, and the function code. 
Even if the algorithm and key are known to a thief, he will 
not know the initial seed for any particular transnritler since 
they are unique to each transmitter and are generated ran- 
domly when the transmitters are programmed during their 20 
manufacture. Without knowledge of the initial seed, posses- 
sion of the algorithm, key, and sequence number will not 
allow a valid authenticator to be economicaUy generated for 
any given function code. 

The same reasoning applies to messages from unautho- M 
rized transmitters intending to deceive a receiver into 
accepting function codes of the thief's choice. A valid 
authenticator cannot be calculated for any given transmitter 
without knowledge of its unique initial seed, even if the thief 
knows the algorithm, key, and sequence number. 

A recorded message also cannot be played back to a 30 
different receiver since their initial seeds are different. This 
would cause fee authenticates to fail, even if the transmitter 
ID and sequence numbers were modified to be valid for that 
receiver and die proper key was used. 

The embodiments of the invention in which an exclusive 35 
property or privilege is claimed are defined as follows: 

1. In a keyless entry system for performing any of a 
plurality of functions in a protected environment and having 
3 receiver and it least one remote transmitter, the method of „ 
encoding a command for transmission to the receiver and for 
authenticating the command comprising the steps of: 

installing into each transmitter and the receiver a crypto- 
graphic algorithm inciading a programmable crypto- 
graphic key for defining mathematical operations of the 45 
algorithm, a transmitter ID and an initial seed code 
peculiar to each transmitter, and a plurality of function 

n the transmitte 



10 



m the transmitter, changing the seed code to a new value 
according to a predetermined function upon each trans- 
mission and replacing the seed code with the new 
value; 

in the receiver, changing the seed code to a new value 
according to the same predetermined function for each 
transmission and replacing the seed code with the new 
value, whereby the seed code progressively changes in 
the same manner in both transmitter and receiver. 
^3, The invention as defined in claim 1 including the steps 

a sequence number in the transmitter and 



m the transmitter, updating the sequence cumber and the 
seed code to new values each according to a predeter- 
mined function upon each transmission and storing the 
updated values; 

with each trans- 



in the receiver, synchronising with the transmitter by 
updating the sequence number and the seed code 
according to the same pi^termmed functions until the 
receiver sequence number matches the tn 



it sequence number, thereby changing the seed code 
in the receiver to the same value as the transmitter seed 



4.. use 



defined in claim 3 wherein each time 
the seed code is updated it is advanced ihrough a predeter- 
mined plurality of states, so that sequential transmitted 
authenticator codes do not correspond to sequential algo- 



in claim 3 including the stops 



5 . The in 
in the receiver of: 
comparing the transmitter sequence number and the 

receiver sequence number; 
determining the transmission to be invalid if the trans- 
mitted sequence number corresponds to a transmission 
prior to the current receiver sequence number, 
6. The invention as defined in claim 3 wherein the step of 
updating the sequence number comprises incrementing the 
sequence number, and including the steps of; 
comparing the transmitter sequence number and the 

receiver sequence number; and 
terminating the receiver calculations if the transmitter 
sequence number is lower than the receiver sequence 
number. 

._ 7 - Tbe invention as defined in claim 1 wherein in the 

selecting a function code for performing a predeter- so transmittcr the receiver the step of calculating the 

mined function, authenticator code comprises: 

calculating an authenticate! code by the algorithm as a operating on the seed code and the function code by the 
function of both the seed code and the function code, algorithm to produce a sequence of data bits; and 

mA converting the data bits to an authenticator code by a 

transmitting the transmitter ID, the function code and 55 nonlinear conversion, whereby the transmitted autfsen- 
tne authenticator code to the receiver; and in the ticator code does not reveal the direct output of the 



venfymg the transmitter ID by comparing with an ID 8. In a keyless entry system for forming a predeter- 

rnstalled in the receiver, mined function in a protected environment having a receiver 

then calculating an authenticator code by the algorithm go at least one remote transmitter, the method of encoding 

as a function of both the transmitted function code a command for transmission to the receiver and for authen- 

and the seed code; and ticating the command comprising the steps of: 

T^Tf ^.f X fuming ^ each transmitter and the receiver a crypto- 

ShSS^J. rCTO Cakukttd graphic ***** k"*"** a for defininf^ 

authenticator code. 65 algorithm operation, a transmitter ID, a sequence num- 

2. The invention as defined in claim 1 including the steps ber ami an initial set^e peculiar to eK^te. 

and a plurality of function codes; 
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selecting a function cade for performing the predeter- 
mined function; 

calculating an authentieator code by the algorithm as a 
function of both the seed code and the function code; . 

updating the seed code and the sequence number; and ' 

transmitting the transmitter ID, the sequence number, 
the function code and: the authentieator code to the 
receiver; and in the receiver: 

verifying the transmitter ID by comparing with an ID 
installed in the receiver; i 

i v receivci cquence number corresponding to the 
verified ID is within a limited number of increments 
of the transmitted sequence number, updating the 
seed code corresponding to the transmitted ID and 
the receiver sequence number until the receiver 
sequence number matches the transmitted sequence 1 
number; 

then calculating an authentieator code 
as a function of both the transit: ' 
and the updated seed code; and 



.__ jr calculated 

authentieator code. 
9. The invention as defined in claim 8 including the 
method of ^synchronizing the transmitter and receiver 
when the receiver sequence number corresponding to the 
verified ID is not within the limited number of increments of 
the transmitted sequence number, comprising the steps of: 

selecting a random number R; 

updating the initial seed code a number of times equal 
to the product of R and s, where s is a predetermined 
number stored in both the transmitter and the 



programming the transmitter upon manufacture with a 
cryptographic key for defining the mathematical opera- 
tions of the algorithm, a transmitter ID and the initial 
seed code; 

manually enabling the receiver for initialteation; 
assembling a message in the transmitter including the 

transmitter ID, the key and the initial seed code; 
calculating a CRC for the message; 
transmitting die message and the CRC to the receiver; 
verifying the CRC in the receiver, and 
then storing in the receiver the transmitter ID, the key and 
the initial seed code related to that ID, whereby the 
id receiver are synchronized for authenti- 



12. In a keyless entry system having a remo 
for commanding any of a plurality of functions 
environment and a receiver for responding to the 



•ft - « 1C ujjmueu scuu t-oue, ana ana carrymg out the commanded function, a secure com- 

nr , m «*tfi 1 " comparing the transmit- 20 munication method carried out by a cryptographic algorithm 
ted authenticate code with the receiver calculated in both the transmitter and receiver for generating an authen- 
tieator code, wherein each algorithm includes a working 
register and means for incrementing the register with input 
data to produce an authentieator output and working register 
feedback; the cotnmunication method comprising the steps 



incorporating into the transmitter and the receiver a 
cryptographic key for deterinining the mathematical 
operations of the algorithm, a transmitter ID, and an 
initial register state for the working register, a func- 
tion code for each function, and integers y and 1; 



setting the sequence number to a default value; 
generating an authentication code by the algorithm 

using the updated seed code; and 35 
transmitting the random number R and the authentica- 
tion code to fee receiver; and in the receiver: 
updating the initial seed code a number of times equal 

to the product of R and s; 
generating a receiver authentication code by the algo- 40 

rithm using the updated seed code; and 
if the transmitted authentication code and the receiver 
authentication code are equal, then setting the 
sequence number to the default value and saving the 
updated seed' code. 
10. The invention as defined in claim 1 including the 
method of programming the receiver to recognize the trans- 
mitter wherein only the transmitter is programmed with a 
cryptographic key, a transmitter ID and the initial seed code, 
comprising the steps of: 
manually enabling the receiver for initialization; 50 
assembling a message in the transmitter including the ID, 

the key and the initial seed code; 
calculating a cycle redundancy code CRC for the mes- 
sage; ss 
transmitting the message and the CRC to the receiver; 
verifying the CRC in the receiver; and 
then storing in the receiver the transmitter ID, the key and 
initial seed code related to that ID, whereby the trans- 
mitter and receiver '--■* r - 



11. The invention as defined in claim 1 wherein the step 
of installing into each transmitter and the receiver comprises 
the steps of: 

installing the cryptographic algorithm and a plurality of ss 
function codes into each transmitter and the receiver 
upon manufacture; 



a) determining a function code for performing the 
commanded function; 

b) loading the working register with the register state; 

c) modulo-2 adding the function code to she working 
register feedback bit-by-bit and incrementing the 
working register for each function code.bit; 

d) incrementing the working register y times; 

e) incrementing the working register z times and read- 



the function code and the authentieator code; and in 
the receiver: 

g) verifying the ED by comparing with an ID stored in 
the receiver; 

h) executing steps a through e using the received 
function code, and the receiver register state to 
generate a receiver authentieator code; 

and verifying the transmission by comparing the trans- 
mitted authentieator code with the receiver authen- 
tieator code. 

13. The invention as defined in claim 12 wherein the 
transmitter and receiver are programmed with a sequence 
number and an integer x, and 

in the transmitter, after step b, including the steps of: 

i) incrementing the working register x times with input 
data equal to zero; 

j) saving the register state; 

k) incrementing and saving the sequence number; and 
1) transmittmg the sequence number as part of the 

message; and 
in the receiver: 

comparing the receiver sequence number with the 



repeating steps i through k until the receiver sequence 
number is equal to the transmitted sequence number. 



